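  ## Last changed: 2021-02-12 22:16:21 UTC
  /* NOTE(review): 12.3X48 is an old release train; confirm against the vendor's
     support/EOL notices that this build still receives security fixes. */
  version 12.3X48-D105.4;
  /* Device-level settings: management services, DHCP server pools, logging,
     configuration history and licence retrieval. */
  system {
      root-authentication {
          /* Empty as pasted; the credential was presumably stripped before sharing.
             Set the root credential on the device itself and keep its hash out of
             public pastes. */
      }
      name-server {
          208.67.222.222;
          208.67.220.220;
      }
      services {
          /* SSH is the only remote CLI transport kept. `telnet` and `xnm-clear-text`
             were removed because both carry credentials and session data
             unencrypted. */
          ssh;
          web-management {
              /* J-Web moved from cleartext `http { port 80; }` to HTTPS with the
                 device's self-generated certificate.
                 NOTE(review): ge-0/0/0.0 is the uplink and sits in the untrust
                 zone. Confirm the web UI is meant to be reachable from that side;
                 otherwise bind it to a trust-side interface. */
              https {
                  system-generated-certificate;
                  interface ge-0/0/0.0;
              }
          }
          dhcp {
              /* NOTE(review): this pool covers 192.168.16.0/24, the same subnet as
                 the uplink address on ge-0/0/0 and its gateway 192.168.16.1.
                 Confirm the device is really meant to hand out leases there. */
              pool 192.168.16.0/24 {
                  address-range low 192.168.16.186 high 192.168.16.254;
                  router {
                      192.168.16.1;
                  }
                  propagate-settings ge-0/0/1.0;
              }
              /* Leases for the LAN behind ge-0/0/3 (192.168.0.1/24). */
              pool 192.168.0.0/24 {
                  address-range low 192.168.0.100 high 192.168.0.254;
                  router {
                      192.168.0.1;
                  }
                  propagate-settings ge-0/0/3.0;
              }
          }
      }
      /* Local logging only: no remote syslog host appears in this configuration,
         and each file is capped at 3 archives of 100k, so history is short and
         lives on the device itself. Authorization events are logged at info
         level, interactive commands only at error level. */
      syslog {
          archive size 100k files 3;
          user * {
              any emergency;
          }
          file messages {
              any critical;
              authorization info;
          }
          file interactive-commands {
              interactive-commands error;
          }
      }
      max-configurations-on-flash 5;
      max-configuration-rollbacks 5;
      license {
          autoupdate {
              url https://ae1.juniper.net/junos/key_retrieval;
          }
      }
  }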
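  /* Flow-level security: screens, source NAT, inter-zone policies and zone
     membership. */
  security {
      screen {
          /* Attached to the untrust zone below: ping-of-death, source-route,
             teardrop, LAND and SYN-flood protections. */
          ids-option untrust-screen {
              icmp {
                  ping-death;
              }
              ip {
                  source-route-option;
                  tear-drop;
              }
              tcp {
                  syn-flood {
                      alarm-threshold 1024;
                      attack-threshold 200;
                      source-threshold 1024;
                      destination-threshold 2048;
                      timeout 20;
                  }
                  land;
              }
          }
      }
      nat {
          source {
              /* Everything leaving trust for untrust is translated to the address
                 of the egress interface. */
              rule-set trust-to-untrust {
                  from zone trust;
                  to zone untrust;
                  rule source-nat-rule {
                      match {
                          source-address 0.0.0.0/0;
                          destination-address 0.0.0.0/0;
                      }
                      then {
                          source-nat {
                              interface;
                          }
                      }
                  }
              }
          }
      }
      /* Only trust-originated traffic is explicitly permitted. No untrust-to-trust
         policy appears here, so that direction falls to the device's default
         policy. Neither policy enables session logging. */
      policies {
          from-zone trust to-zone untrust {
              policy trust-to-untrust {
                  match {
                      source-address any;
                      destination-address any;
                      application any;
                  }
                  then {
                      permit;
                  }
              }
          }
          from-zone trust to-zone trust {
              policy trust-to-trust {
                  match {
                      source-address any;
                      destination-address any;
                      application any;
                  }
                  then {
                      permit;
                  }
              }
          }
      }
      zones {
          security-zone trust {
              address-book {
                  /* Defined but not referenced by any policy in this configuration. */
                  address local-addreses 192.168.0.0/24;
              }
              /* Trust-side hosts may reach every service and protocol on the device
                 itself. Left as in the original. */
              host-inbound-traffic {
                  system-services {
                      all;
                  }
                  protocols {
                      all;
                  }
              }
              interfaces {
                  ge-0/0/1.0;
                  ge-0/0/2.0;
                  /* Repeats the zone-level setting for this one interface. */
                  ge-0/0/3.0 {
                      host-inbound-traffic {
                          system-services {
                              all;
                          }
                          protocols {
                              all;
                          }
                      }
                  }
              }
          }
          security-zone untrust {
              screen untrust-screen;
              interfaces {
                  ge-0/0/0.0 {
                      /* Was `system-services all` plus `protocols all`, which opened
                         every management service on the device to the untrust
                         side. Narrowed to encrypted management and ping. Cleartext
                         management (telnet, http, xnm-clear-text) is deliberately
                         not admitted from this zone. The `protocols` stanza is
                         dropped because only a static route is configured, so no
                         routing protocol needs to reach the device here.
                         NOTE(review): add further services only where a concrete
                         need exists on the uplink side. */
                      host-inbound-traffic {
                          system-services {
                              ssh;
                              https;
                              ping;
                          }
                      }
                  }
              }
          }
      }
  }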
  /* Physical ports and their logical units. Zone membership is assigned under
     `security zones`, not here. */
  interfaces {
      /* Uplink port; 192.168.16.1 on this subnet is the default gateway. */
      ge-0/0/0 {
          description Uplink;
          unit 0 {
              family inet {
                  address 192.168.16.4/24;
              }
          }
      }
      /* Tagged port: unit 0 carries VLAN 3 and has `family inet` enabled with no
         address assigned. */
      ge-0/0/1 {
          description EI;
          vlan-tagging;
          unit 0 {
              vlan-id 3;
              family inet;
          }
      }
      ge-0/0/2 {
          unit 0 {
              family inet {
                  address 192.168.2.1/24;
              }
          }
      }
      /* LAN port and gateway for the 192.168.0.0/24 DHCP pool. Speed and duplex
         are pinned while auto-negotiation stays enabled. */
      ge-0/0/3 {
          description OS;
          speed 1g;
          link-mode full-duplex;
          gigether-options {
              auto-negotiation;
          }
          unit 0 {
              family inet {
                  address 192.168.0.1/24;
              }
          }
      }
  }
  /* A single static default route; no dynamic routing protocol is configured. */
  routing-options {
      static {
          /* Everything without a more specific route goes to the uplink gateway. */
          route 0.0.0.0/0 next-hop 192.168.16.1;
      }
  }
  /* Stateless filter definitions.
     NOTE(review): no interface unit in this configuration applies `common-filter`,
     so as shown it has no effect on traffic. */
  firewall {
      family inet {
          filter common-filter {
              /* Hands packets matched on ge-0/0/0 to a routing instance. The
                 device's own annotation flags that instance as undefined, and no
                 `routing-instances` stanza appears in this configuration. Either
                 define `to-untrust` or remove this term before relying on the
                 filter. */
              term traff {
                  from {
                      interface ge-0/0/0;
                  }
                  then {
                      routing-instance to-untrust; ## 'to-untrust' is not defined
                  }
              }
              /* Catch-all: anything not matched above is accepted. */
              term default {
                  then accept;
              }
          }
      }
  }